The present disclosure relates to data processing, and more specifically, to methods, systems and computer program products for anonymous secure socket layer (SSL) certificate verification in a trusted group.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), (both frequently referred to as “SSL”), are cryptographic protocols that provide communications security over a computer network. The protocols may be used in applications, such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP), to secure all communications between their servers and clients (e.g. web browsers).
Client-server applications may use SSL protocols to communicate across a network in a way designed to prevent eavesdropping and tampering. A web server may send a requesting device a digital certificate. The certificate may contain the server name, the trusted certificate authority (CA), and the server's public encryption key.
The client device may confirm the validity of the certificate before proceeding with loading the requested web page. However, if the interaction with the web server is first for the client device, the client device may not be able to verify whether the certificate is from the website or from a malicious third party.